
Merge branch 'dh_param_not_mandatory'

This commit is contained in:
Pierre-Louis Bonicoli 2018-03-22 02:37:23 +01:00
commit 025689d807
Signed by untrusted user: pilou
GPG Key ID: ADC2651DDACD3538
3 changed files with 24 additions and 11 deletions


@ -1332,12 +1332,10 @@ int main(int argc, char **argv)
"readable / writable. Please fix the modes.", "readable / writable. Please fix the modes.",
conf_ssl_certfile); conf_ssl_certfile);
if (!conf_client_dh_file) { if (conf_client_dh_file) {
conf_client_dh_file = default_path(conf_biphome, "dh.pem",
"DH parameters");
}
assert_path_exists(conf_client_dh_file); assert_path_exists(conf_client_dh_file);
} }
}
#endif #endif
check_dir(conf_log_root, 1); check_dir(conf_log_root, 1);
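Review bot: With the default-path probe removed from main, startup no longer tells the operator whether DH parameters will be loaded at all; the new `if (conf_client_dh_file)` block only validates an explicitly configured path, and the default dh.pem is discovered (or silently not found) later at connection time. I would keep a non-fatal probe here so the outcome is logged once at startup, which also lets the per-connection code reduce to a plain pointer test. The enclosing `#ifdef HAVE_LIBSSL` block and main() itself start before this hunk.
```c
		if (conf_client_dh_file) {
			assert_path_exists(conf_client_dh_file);
		} else {
			/* optional: use $biphome/dh.pem if present, but do not fail */
			char *dh_default = default_path(conf_biphome, "dh.pem",
					"DH parameters");
			if (access(dh_default, R_OK) == 0) {
				conf_client_dh_file = dh_default;
			} else {
				mylog(LOG_WARN, "No readable DH parameters at %s, "
						"DH parameters will not be loaded", dh_default);
				free(dh_default);
			}
		}
	}
/* … unchanged: #endif, check_dir(conf_log_root, 1) … */
```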


@ -15,6 +15,7 @@
#include <sys/time.h> #include <sys/time.h>
#include <time.h> #include <time.h>
#include "connection.h" #include "connection.h"
#include "path_util.h"
extern int errno; extern int errno;
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
@ -24,6 +25,7 @@ static int ssl_cx_idx;
extern FILE *conf_global_log_file; extern FILE *conf_global_log_file;
static BIO *errbio = NULL; static BIO *errbio = NULL;
extern char *conf_ssl_certfile; extern char *conf_ssl_certfile;
extern char *conf_biphome;
extern char *conf_client_ciphers; extern char *conf_client_ciphers;
extern char *conf_client_dh_file; extern char *conf_client_dh_file;
static int SSLize(connection_t *cn, int *nc); static int SSLize(connection_t *cn, int *nc);
@ -1136,7 +1138,6 @@ static int ctx_set_dh(SSL_CTX *ctx)
FILE *f; FILE *f;
int ret; int ret;
/* Should not fail: already checked in main function */
if ((f = fopen(conf_client_dh_file, "r")) == NULL) { if ((f = fopen(conf_client_dh_file, "r")) == NULL) {
mylog(LOG_ERROR, "Unable to open DH parameters (%s): %s", mylog(LOG_ERROR, "Unable to open DH parameters (%s): %s",
conf_client_dh_file, strerror(errno)); conf_client_dh_file, strerror(errno));
@ -1209,12 +1210,26 @@ connection_t *accept_new(connection_t *cn)
return NULL; return NULL;
} }
if (!conf_client_dh_file) {
// try with a default path but don't fail if it doesn't exist
conf_client_dh_file = default_path(conf_biphome, "dh.pem",
"DH parameters");
struct stat st_buf;
if (stat(conf_client_dh_file, &st_buf) != 0) {
free(conf_client_dh_file);
conf_client_dh_file = NULL;
}
}
if (conf_client_dh_file) {
if (!ctx_set_dh(sslctx)) { if (!ctx_set_dh(sslctx)) {
mylog(LOG_ERROR, "SSL Unable to load DH " mylog(LOG_ERROR, "SSL Unable to load DH "
"parameters"); "parameters");
connection_free(conn); connection_free(conn);
return NULL; return NULL;
} }
}
if (!SSL_CTX_use_certificate_chain_file(sslctx, if (!SSL_CTX_use_certificate_chain_file(sslctx,
conf_ssl_certfile)) conf_ssl_certfile))
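Review bot: When the default dh.pem is not found, the new block frees the path and resets `conf_client_dh_file` to NULL without logging anything, so `ctx_set_dh` is skipped silently and, depending on the OpenSSL version and the ciphers configured via `conf_client_ciphers`, DHE cipher suites may become unavailable on this context with no trace in the log. Because the pointer is reset to NULL, the `default_path` allocation and `stat` are also repeated on every subsequent call of accept_new, which appears to run per accepted client connection. I would at least report the decision once, e.g. before the `free`: `mylog(LOG_WARN, "DH parameters not found at %s, not loading DH parameters", conf_client_dh_file);`, and consider remembering the negative result (a static flag) so the probe is not redone per connection. The `stat`-then-`fopen` split is also a small TOCTOU window; since `ctx_set_dh` already reports a failed `fopen`, calling it directly and treating a missing default file as non-fatal would avoid the double lookup. accept_new begins and ends outside this hunk.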


@ -24,7 +24,7 @@ char *default_path(const char *biphome, const char *filename, const char *desc)
conf_file[strlen(biphome)] = '/'; conf_file[strlen(biphome)] = '/';
conf_file[strlen(biphome) + 1] = '\0'; conf_file[strlen(biphome) + 1] = '\0';
strcat(conf_file, filename); strcat(conf_file, filename);
mylog(LOG_INFO, "Using default %s: %s", desc, conf_file); mylog(LOG_INFO, "Default %s: %s", desc, conf_file);
return conf_file; return conf_file;
} }